1CO. 


Information Commissioner's Office 


ICO consultation on the draft right of access 
guidance 

Qi Does the draft guidance cover the relevant issues about the right 
of access? 

K Yes 

O No 


Unsure/don’t know 


If no or unsure/don’t know, what other issues would you like to be 
covered in it? 


Q2 Does the draft guidance contain the right level of detail? 


O Yes 
O No 
X Unsure/don’t know 


If no or unsure/don't know, in what areas should there be more detail 
within the draft guidance? 


Our community would welcome further guidance on how companies can define the scope 
of the DSAR search, and how to deal with manifestly unfounded or excessive DSARs. This 
is particularly important for SMEs, which have limited resources and limited available 
counsel, and can bear overwhelming operational and financial in processing DSARs. 


Q3 Does the draft guidance contain enough examples? 


O Yes 


O No 
X Unsure/dont know 


If no or unsure/don’t know, please provide any examples that you 
think should be included in the draft guidance. 


Our community would tremendously benefit from guidance/ or criteria for proportionality. 
Currently our members miss any legal certainty with regards to scoping down the 
excessive and disingenuously submitted DSARs. In order to meet their obligations as data 
controllers in an efficient way for both, themselves and the data subject/requestor, our 
members would appreciate direction on how to determine relevant data to be provided. 


Q4 


We have found that data protection professionals often struggle with applying and 
defining 'manifestly unfounded or excessive’ subject access requests. We would 
like to include a wide range of examples from a variety of sectors to help you. 
Please provide some examples of manifestly unfounded and excessive requests 
below (if applicable). 


One company highlighted an instance where an additional DSAR was submitted in order 
to suspend an inactivity which could have led to a close out of a court proceeding. 


Another indicator that privacy is not at the core of the DSAR is seen in the fact that 
requests will be submitted mainly in course of grievance processes or that data subjects 
are not willing to provide further indication of what information is of interest to them. 
Further guidance on how to tackle such situations is needed. 


Q5 On a scale of 1-5 how useful is the draft guidance? 

1 - Not at all 2 - Slightly 3 - Moderately 4 - Very useful 5 - Extremely 
useful useful useful useful 
O O Xx O O 

Q6 Why have you given this score? 

The guidance covers important aspects such as timing, exemptions, format of response. 
However, SMEs in particular would benefit from practical guidance on how to avoid 
becoming overwhelmed by excessive or unfounded requests in a manner that does not 
incur high resources and costs on the business. 

Q7  Towhat extent do you agree that the draft guidance is clear and easy to understand? 
Strongly Disagree Neither agree nor Agree Strongly agree 
disagree disagree 

O O O O 
Q8 Please provide any further comments or suggestions you may have about the draft 


guidance. 


Feedback from our business community showed that further guidance on what constitutes 
proportionality in carrying out searches in order to locate an individual's personal data is 
needed. 


For example, even when data controllers can rely on electronic searches, human 
intervention is more often than not needed to evaluate whether the data should or should 
not be disclosed. The ICO should provide clear instructions regarding to what extent time 
and cost can be used to define what constitutes a proportional response to a DSAR. 


Q9 Are you answering as: 


O An individual acting in a private capacity (eg someone 
providing their views as a member of the public) 

L] An individual acting in a professional capacity 

X On behalf of an organisation 

O Other 


Please specify the name of your organisation: 


BritishAmerican Business 
What sector are you from: 


Business services 


Q10 How did you find out about this survey? 


ICO Twitter account 
ICO Facebook account 
ICO LinkedIn account 
ICO website 

ICO newsletter 

ICO staff member 
Colleague 


O 0 Wp BF 


Personal/work Twitter account 
Personal/work Facebook account 
Personal/work LinkedIn account 
Other 


a00 g 


Thank you for taking the time to complete the survey. 


